aboutsummaryrefslogtreecommitdiffstats
path: root/ChangeLog.txt
AgeCommit message (Collapse)Author
2015-01-151.6.3pseudo-1.6.3PSEUDO_1_6_3Peter Seebach
2015-01-15Clean up the path allocation a bit morePeter Seebach
Having the same logic twice was sorta bugging me. Now the function-like-macro is sorta bugging me, and I'll just let it.
2015-01-14Make --without-passwd-fallback workPeter Seebach
This is derived in significant part from contributions to oe-core by Peter A. Bigot. I reworked the path routine a bit to use an already duplicated string instead of allocating copies of parts of it. The first issue was just that there was a missing antimagic() around some of the path operations. The second is that we wanted to have a way to provide a fallback password file which isn't the host's, but which can be used in the case where the target filesystem hasn't got a password yet, for bootstrapping purposes. (So there's a minimal password file that just has root, basically.) Also, I noticed a design flaw, which is that if you ended up calling pseudo_pwd_lck_open() twice in a row, the second time through, pseudo would first check whether it had a path name for the file (it does), and thus not allocate one, then call the close routine (which frees it and nulls the pointer), then open a new one... and not have a file name, so the next attempt to close it wouldn't unlink the file. This shouldn't ever come up in real code, but it was bugging me. Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2015-01-05Try to handle trailing slashesPeter Seebach
It turns out that "a/" is equivalent to "a/.", and that in particular it should fail when a is not a directory. Pseudo's been silently stripping them and this breaks things. Attempt to fix that, lightly tested.
2014-10-03call this 1.6.2Peter Seebach
2014-10-03Possibly fix strange corruptionsPeter Seebach
Trying to track down problems which sometimes result in files showing up as nameless files, producing clashes later. Looks like there were two issues; one is we were creating links for files that we'd already found by inode. The other is that rename was sending bogus LINK messages in some cases. Also simplified the find_file_dev path to extract the path as part of the initial operation, since there wasn't any case where that wasn't being done immediately afterwards.
2014-10-03further fixups for did_unlinkPeter Seebach
So it turns out that the sanity checks should be skipped on did_unlink, because otherwise if an inode gets reused for a different file type, it'll get nuked. This is pretty rare, but appears to bite us occasionally during debug stripping.
2014-10-03pseudo.c: Suppress probably-spurious diagnosticsPeter Seebach
It turns out that, in the fairly common case where the did-unlink stuff has saved us from worse problems, pseudo produces probably-spurious error messages about the path mismatch when the did-unlink shows up. Change that into a debug message. Also fix a typo in a comment.
2014-10-02pseudo_db.c: use bind_int64 for inodesPeter Seebach
XFS apparently has 64-bit inodes. Our inode data path was *almost* 64-bit clean. This doesn't require a database format change because sqlite3 doesn't distinguish, but it will probably invalidate existing files.db things on XFS. But they were broken anyway.
2014-07-181.6.1pseudo-1.6.1PSEUDO_1_6_1Peter Seebach
2014-07-18be less chattyPeter Seebach
2014-07-17linux/portdefs.h: fix non-x86 buildPeter Seebach
The assumption that a host is either x86_64 or x86_32 does not hold well on target systems.
2014-07-11symbol version tweakspseudo-1.6.0PSEUDO_1_6_0Peter Seebach
We don't want to pick up newer memcpy because pseudo sometimes has to run host binaries even when built against a newer libc.
2014-07-10make xattr work on DarwinSeebs
More complicated, because we actually need to make com.apple stuff work probably.
2014-07-10don't pass -L/usr/libSeebs
The sqlite flags don't need to be present if they don't have meaningful values. I think.
2014-06-13Use constant initializer for staticPeter Seebach
strlen(array) isn't a constant expression, even though gcc can sometimes figure it out at compile time.
2014-06-13Don't follow symlinks for lutimes()Peter Seebach
Also for lstat, but that probably never matters because in Linux you will never actually call lstat without working really hard at it, because you end up calling __lxstat anyway. (Was already doing the right thing for Darwin.)
2014-05-27add a test for umask and filesystem modesPeter Seebach
2014-05-27Honor umaskPeter Seebach
We used to rely on filesystem operations to apply the umask when appropriate, but when we started masking out 022, that stopped working. Start watching umask.
2014-05-16Mask 022 back in for database.Peter Seebach
PSEUDO_DB_MODE restores a proposed mode's 0700 bits, but now that we're masking 022 out, it should also restore those. Change it to restore 0722 from a proposed mode before sending to database.
2014-05-16pseudo_has_unload: add functionPeter Seebach
Various wrappers checked for a non-null pseudo_get_value("PSEUDO_UNLOAD") to determine whether the environment should include the pseudo variables. None of those checks freed the returned value when it was not null. The new check function does. The new check function also sees whether PSEUDO_UNLOAD was defined in the environment that should be used in the wrapped system call. This allows pkg_postinst scripts to strip out the LD_PRELOAD setting, for example before invoking qemu to execute commands in an environment that does not have libpseudo.so. [YOCTO #4843] Signed-off-by: Peter A. Bigot <pab@pabigot.com> Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2014-05-16Shutdown pingPeter Seebach
Wait until the server has finished processing all of our messages before exiting. Otherwise, it's possible for a command which sends a no-response message and then exits to be followed by another command which assumes the first one's done, and the second command's messages can get processed first.
2014-05-16Permissions handling tweaks (fchmodat, mask out write bits)Peter Seebach
Change the handling of fchmodat(AT_SYMLINK_NOFOLLOW) to reject it if the host system does, so we preserve host system behavior. Mask out group/other write bits when actually creating files to reduce risks to filesystem integrity.
2014-05-15fchmodat: don't pass AT_SYMLINK_NOFOLLOWseebs/xattrPeter Seebach
underlying fchmodat() will just fail, but GNU tar calls it that way anyway, figuring it'll just retry on failure, but we don't report the failure. Nor do we want to, because that's expensive and slow and will result in additional database round trips. But I don't want to fail out right away, so for now, just strip the flag.
2014-01-23mkdir was storing/reporting modes with 0700 addedPeter Seebach
2014-01-23mknod apparently got broken a long time ago, fixedPeter Seebach
2014-01-22New version 1.6.Peter Seebach
2014-01-22Don't automatically fall back to /etc/passwd.Peter Seebach
In some cases, we'd rather pseudo fail than fall back to using /etc/passwd or /etc/group. Make the determination of what to fall back to when neither PSEUDO_PASSWD nor a chroot directory contains passwd/group files controllable by a configure-time flag, controlled by --with-passwd-fallback= or --without-passwd-fallback.
2014-01-22minor message cleanupPeter Seebach
2014-01-22fix typo in man pagePeter Seebach
2014-01-22future planning notesPeter Seebach
2014-01-22some minor tweaks to the performance testPeter Seebach
2013-06-25Change debugging to use flags rather than levelsPeter Seebach
This is a moderately intrusive change. The basic overall effect: Debugging messages are now controlled, not by a numeric "level", but by a series of flags, which are expressed as a string of letters. Each flag has a single-letter form used for string specifications, a name, a description, a numeric value (1 through N), and a flag value (which is 1 << the numeric value). (This does mean that no flag has the value 1, so we only have 31 bits available. Tiny violins play.) The other significant change is that the pseudo_debug calls are now implemented with a do/while macro containing a conditional, so that computationally-expensive arguments are never evaluated if the corresponding debug flags weren't set. The assumption is that in the vast majority of cases (specifically, all of them so far) the debug flags for a given call are a compile-time constant, so the nested conditional will never actually show up in code when compiled with optimization; we'll just see the appropriate conditional test. The VERBOSE flag is magical, in that if the VERBOSE flag is used in a message, the debug flags have to have both VERBOSE and at least one other flag for the call to be made. This should dramatically improve performance for a lot of cases without as much need for PSEUDO_NDEBUG, and improve the ability of users to get coherent debugging output that means something and is relevant to a given case. It's also intended to set the stage for future development work involving improving the clarity and legibility of pseudo's diagnostic messages in general. Old things which used numeric values for PSEUDO_DEBUG will sort of continue to work, though they will almost always be less verbose than they used to. There should probably be a pass through adding "| PDBGF_CONSISTENCY" to a lot of the messages that are specific to some other type.
2013-06-18Fix RHEL 4.7 compilation errorPeter Seebach
No idea how this survived so long, but the clone() syscall prototype on RHEL 4.7 doesn't have the "..." for additional arguments, so we can't pass them. Also had unused variables that would otherwise have been being filled in from va_args and passed. But there's no extra args to pass. Interestingly, this contradicts the clone() man page in RHEL 4.7. If you have problems with clone() there, that's probably why.
2013-02-27documentation updatesPeter Seebach
2013-02-27remove left-over debug messagePeter Seebach
2013-02-26PSEUDO_ALLOW_FSYNC: Allow fsync()pseudo-1.5PSEUDO_1_5Peter Seebach
Some filesystems have buggy semantics where stat(2) will return incorrect sizes for files for a while after some changes, sometimes, unless they've been fsync'd. We still want to disable fsync most of the time, but enabling it for specific programs can be useful. Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2013-02-26completely remove pseudo_debugcalls when -DNDEBUGPeter Seebach
2013-02-17Darwin fixes for fsync changes, uninitialized variablePeter Seebach
Darwin's off_t is a 64-bit type, so there's no off64_t. Also, there's an uninitialized variable usage in unlinkat which LLVM catches. Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
2013-02-16allow pseudo to force asynchronous behaviorPeter Seebach
The openembedded build, at least with RPM or SMART, is heavily affected by the cost of calling fsync or fdatasync on package databases all the time. Gosh, wouldn't it be nice if we could suppress that without making dozens of highly intrusive and risky changes into RPM, various database packages, and so on? Yes, yes it would. If only there were a program which could intercept system calls and change their behavior! Enter --enable-force-async. There are now wrappers for fsync, fdatasync, and a few related functions. If --enable-force-async is set, these wrappers instantly return 0, even if PSEUDO_DISABLED is set. And with any luck, bitbake will now perform a bit better. Credit for this insight goes to Richard Purdie. I've reimplemented this to add the configure option, and make the fsync suppression work even when PSEUDO_DISABLED is set.
2013-02-16Use in-memory database for filesPeter Seebach
It turns out that file databases don't get very large, and that sqlite3 can be quite fast with an in-memory database. It also turns out that dumping the database to disk on exit (or during idle times) is pretty cheap compared to constant updates. So: We add "--enable-memory-db", which defaults to on if you have sqlite 3.7 or later, and off for 3.6 (because 3.6 has horrible performance with in-memory db on some hosts we tried).
2013-02-13Fix linkat() again.pseudo-1.4.5PSEUDO_1_4_5Peter Seebach
wrap_linkat() was trying to avoid "redundantly" expanding paths before calling real_linkat(). Which is fine when you're not using an absolute path in a chroot environment, but if you are, it ends up calling the real syscall with the absolute path and no chroot prefix. General observation: All the *at() implementations are expanding paths into absolute paths, then dutifully calling real_*at() functions with them anyway. This is silly. Added a note to Futures.txt to fix it some day. In the mean time, linkat() is fixed correctly; it always expands paths, does so exactly once, and then uses the underlying link() call because it doesn't need special processing of directory fds anymore. Also fixed errno stashing to reduce the risk that link() will change errno in a circumstance where it doesn't actually fail.
2013-02-12Fix link() to work when chrootedpseudo-1.4.4PSEUDO_1_4_4Peter Seebach
The automatic path fixups invoked for names which end in the string "path" was still applying to link(), which then called linkat(), which would do the same path fixups; if you were chrooted, this would produce bogus paths. On systems which actually have linkat(), this would produce the even more mysterious behavior that the link would succeed, but the following stat would fail. Solution: Change the wrapfuncs prototypes for link() so it doesn't invoke automatic path name fixups.
2013-01-31Tag: 1.4.3.pseudo-1.4.3PSEUDO_1_4_3Peter Seebach
Fixed up the libdir stuff in a saner way, fixed the @GLIBC_2.7 thing, want to avoid any risk of someone having a stale archive.
2013-01-30Add sqlite-lib setting.pseudo-1.4.2PSEUDO_1_4_2Peter Seebach
There's a few circumstances where sqlite's libdir isn't the same as the directory name we want to use for libpseudo.so, so make it a separate setting. This may obviate the need for --with-static-sqlite. Signed-off-by: seebs <peter.seebach@windriver.com>
2013-01-30Remove a couple of highly non-obvious GLIBC_2.7 dependencies.Peter Seebach
There were a couple of cases where pseudo built against GLIBC_2.7 or newer was ending up with dependencies on symbols which required GLIBC_2.7. With these gone, it appears that a libpseudo.so can be used on an older host in some cases. None were particularly important or intentional: 1. pseudo_util was conditionally calling open() with only two arguments, which can invoke a new __open2() function in some systems. Don't care, and the docs specifically state that the mode argument is "ignored" when O_CREAT is absent, so it's not necessary to omit it. 2. The calls to sscanf/fscanf in pseudo_client.c were getting translated into a special new iso_c99 sscanf/fscanf, and we don't care because we're not using those features; #define _GNU_SOURCE suppresses the extra-compliant behavior. Signed-off-by: seebs <peter.seebach@windriver.com>
2012-12-13tag (and makefile.in) 1.4.2Peter Seebach
2012-12-12bitrot and linkat() fixes for Darwin.SEEBS_TESTINGPeter Seebach
2012-12-12add linkat() implementationPeter Seebach
We never had an implementation for linkat() because no one used it; now someone uses it. link() is now implemented on top of linkat(). Note the abnormal AT_SYMLINK_FOLLOW (as opposed to _NOFOLLOW) flag.
2012-08-09Fix up chroot damage caused by PSEUDO_STATBUF fixpseudo-1.4.1PSEUDO_1_4_1Peter Seebach
The PSEUDO_STATBUF change (allowing operations on files over 2GB even on 32-bit systems) introduced a subtle bug; by calling stat64() rather than real_stat(), pseudo stopped handling chrooted paths well. In most cases, this was fine, but in the specific case of a rename, where the stat buffers for the various parts were actually used, it wasn't. Of particular note, pseudo could end up creating links which had stack garbage for their stat buffs, because it assumed that if the rename operation succeeded, the stat operations must have succeeded. Of course, there is no real_stat64 in the Linux port, because there's no need for it; most code is calling __xstat64 or some relative thereof, and even if you did really call stat64, it'd end up routed there anyway. So we add that so that it can be used for calls and we don't have to encode Linux-specific magic about __xstat into the generic header.